CVE-2025-23193

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3561264	Permissions Required
https://url.sap/sapsecuritypatchday	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:sap_basis:700:::::::*
	cpe:2.3:a:sap:sap_basis:701:::::::*
	cpe:2.3:a:sap:sap_basis:702:::::::*
	cpe:2.3:a:sap:sap_basis:731:::::::*
	cpe:2.3:a:sap:sap_basis:740:::::::*
	cpe:2.3:a:sap:sap_basis:750:::::::*
	cpe:2.3:a:sap:sap_basis:751:::::::*
	cpe:2.3:a:sap:sap_basis:752:::::::*
	cpe:2.3:a:sap:sap_basis:753:::::::*
	cpe:2.3:a:sap:sap_basis:754:::::::*
	cpe:2.3:a:sap:sap_basis:755:::::::*
	cpe:2.3:a:sap:sap_basis:756:::::::*
	cpe:2.3:a:sap:sap_basis:757:::::::*
	cpe:2.3:a:sap:sap_basis:758:::::::*

History

No history.

Information

Published : 2025-02-11 01:15

Updated : 2025-10-23 18:37

NVD link : CVE-2025-23193

Mitre link : CVE-2025-23193

CVE.ORG link : CVE-2025-23193

JSON object : View

Products Affected

sap

sap_basis

CWE

CWE-204

Observable Response Discrepancy

{"id": "CVE-2025-23193", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-02-11T01:15:10.700", "references": [{"url": "https://me.sap.com/notes/3561264", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability."}, {"lang": "es", "value": "SAP NetWeaver Server ABAP permite que un atacante no autenticado aproveche una vulnerabilidad que hace que el servidor responda de forma diferente en funci\u00f3n de la existencia de un usuario espec\u00edfico, lo que podr\u00eda revelar informaci\u00f3n confidencial. Este problema no permite la modificaci\u00f3n de datos y no afecta a la disponibilidad del servidor."}], "lastModified": "2025-10-23T18:37:18.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5"}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6"}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71"}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA"}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8"}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153"}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB"}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D"}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC"}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}